LeRoy Cressy on Sat, 27 Sep 2003 09:48:04 -0400



Re: [PLUG] Firewall Check


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

nmap -v -sS -sU -O -oG 68.46.172.168-portscan 68.46.172.168

# nmap 3.27 scan initiated Sat Sep 27 09:40:33 2003 as: nmap -v -v -sS -sU -O -oN 68.46.172.168-portscan 68.46.172.168
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 3094 scanned ports on pcp01770803pcs.audubn01.nj.comcast.net (68.46.172.168) are: filtered
Too many fingerprints match this host for me to give an accurate OS guess
TCP/IP fingerprint:
SInfo(V=3.27%P=i686-pc-linux-gnu%D=9/27%Time=3F759407%O=-1%C=-1)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)
# Nmap run completed at Sat Sep 27 09:43:35 2003 -- 1 IP address (1 host up) scanned in 181.991 seconds


Paul wrote:
Magnus Hedemark wrote:

All tcp, udp & rpc ports seem completely filtered.

If you're running an iptables firewall you can specify how much of a given protocol you'll let in at any time (see "--limit" in the iptables man page), which could help you somewhat if someone tries to flood you. Apparently I can ping flood you without getting dropped. I can also send some pretty huge ping packets without getting blocked. This is definitely something to look at. You might also want to take a closer look at what specific ICMP types you're passing, and under what conditions.



Please, scan me again. 68.46.172.168

I made this attempt to limit pings to one per second.

ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5

You should also see TCP 113 AUTH and UDP 53 DNS ports open now.

Opening AUTH speeds up IMAP authentication.

It's odd that I need UDP port 53 open when DNS requests go out on a high-numbered port and come back on the same port. However, it does speed up name resolution.

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug



- -- Rev. LeRoy D. Cressy mailto:leroy@lrcressy.com /\_/\
http://lrcressy.com ( o.o )
Phone: 215-535-4037 > ^ <


gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org

iD8DBQE/dZSdP+/m2oUBr+oRAocTAKCII6YETSotVOvd06ax42vmKBk7qQCeICZf
ljaiVc9IqOjTmoP/770geiQ=
=KPN7
-----END PGP SIGNATURE-----

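The rule listed above ("ACCEPT icmp echo-request limit: avg 1/sec burst 5") only says which packets the ACCEPT rule matches; echo-requests that arrive faster than the limit do not match and fall through to whatever rule or chain policy comes next. The following is an added example, not code from the post or from netfilter: a small model of the kernel's `limit` match credit bucket (credit measured in milliseconds, one packet costs 1000/avg ms, the bucket is capped at burst * cost and refills with wall-clock time) run over a constructed ping flood. `filter_echo_requests`, `ping_flood` and the `policy` parameter are names chosen here for illustration; the timestamps are constructed, not captured traffic.

```python
"""Model of iptables '-m limit --limit 1/sec --limit-burst 5' on ICMP echo-request.

Added example, not from the original mailing-list post or from the netfilter
sources. It assumes the credit-bucket behaviour of the kernel's xt_limit match:
the bucket starts full, refills in real time, and a packet that finds no credit
simply does NOT match the ACCEPT rule, so its fate is decided by the next rule
or the chain policy.
"""
from fractions import Fraction


class LimitMatch:
    """Credit bucket for one 'limit' match instance."""

    def __init__(self, avg_per_sec=1, burst=5):
        self.cost = Fraction(1000, avg_per_sec)   # ms of credit one packet consumes
        self.cap = burst * self.cost               # burst * cost, the bucket ceiling
        self.credit = self.cap                     # bucket starts full
        self.last_ms = 0                           # time of the previous packet

    def matches(self, now_ms):
        """Return True if a packet arriving at now_ms matches (consumes credit)."""
        # refill with elapsed wall-clock time, never above the cap
        self.credit = min(self.cap, self.credit + (now_ms - self.last_ms))
        self.last_ms = now_ms
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True
        return False


def filter_echo_requests(arrivals_ms, policy="DROP"):
    """Run echo-request arrival times (ms, ascending) through two rules:

        ACCEPT icmp echo-request limit: avg 1/sec burst 5
        <policy> for every echo-request that did not match the first rule

    Returns (accepted, dropped). With policy="ACCEPT" the limit rule has no
    visible effect, which is the caveat the example is meant to show.
    """
    limit = LimitMatch(avg_per_sec=1, burst=5)
    accepted = dropped = 0
    for t in arrivals_ms:
        if limit.matches(t) or policy == "ACCEPT":
            accepted += 1
        else:
            dropped += 1
    return accepted, dropped


def ping_flood(duration_s, pps):
    """Constructed arrival times (ms) for a steady stream of echo-requests."""
    return [i * 1000 // pps for i in range(duration_s * pps)]


if __name__ == "__main__":
    # a polite ping: one request per second for ten seconds, all pass
    print("ping 1/s, DROP fallthrough :", filter_echo_requests(ping_flood(10, 1)))
    # a flood at 100 pps: the burst of 5 passes, then one per second
    print("flood 100/s, DROP fallthrough:", filter_echo_requests(ping_flood(10, 100)))
    # the same flood when nothing after the limited ACCEPT drops the rest
    print("flood 100/s, ACCEPT policy  :", filter_echo_requests(ping_flood(10, 100), policy="ACCEPT"))
```

The flood case shows where the 1/sec figure actually bites: of 1000 requests in ten seconds, the initial burst of five and then one per second get through, 14 in total, and the other 986 are only stopped if a later rule (for example a plain `DROP` on `icmp --icmp-type echo-request`) or a `DROP` chain policy catches what the limited ACCEPT declined. Checking `iptables -L INPUT -v -n` for that second rule, and for the chain's policy line, is the quick way to confirm the limit is doing anything at all.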